Db2 is a bit unusual among RDBMSes in that it does not perform authentication. No matter what, you need some external authority to perform authentication. Usually that is either the OS or LDAP, though there are other options. If using LDAP, either transparent LDAP or security plugins can be used.…
To list the database authorities held by an ID or group – authorities, not privileges. This information is not available in sysibmadm.privileges. The format of syscat.dbauth has columns with ‘Y’ or ‘N’ in them, and reading that quickly to answer the question “What permissions does this ID have?”…
Edit: 01/23/2018 – corrected one word not in an SQL statement.
I have written several other articles on security and permissions, but I thought I would write one from a purely practical perspective. If you don’t understand the basics of how DB2 handles users, authentication, authorization, and privileges, please read Db2 Basics: Users, Authentication, and Authorization.…
Some applications are really good at continually trying to re-establish connections to a database. This can be useful when I want to quickly bounce the database and have the app reconnect without also having to bounce the app. It is problematic when I need DB2 to be down and stay down, but still allow me to work with it.…
Like any software, DB2 requires frequent patching. A database should be one of the most secure parts of any enterprise, and keeping it secure means keeping up with the fixes that are delivered in fix packs.
DB2 delivers many things through fixpacks, including:
- Security Fixes
- Bug Fixes
- New Functionality – though IBM goes back and forth on this
IBM delivered Native Encryption in Fix Pack 5 of DB2 10.5.…
This post is not meant to be a comprehensive coverage of security, but an overview such that those newer to DB2 know what areas they may want to research further.
Users, Authentication, and Authorization
I’ve already covered this in some detail in DB2 Basics: Users, Authentication, and Authorization.…
I’ve recently implemented native encryption for a small database on a server that is somewhat oversized on CPU and memory. One of the things I noticed after encrypting my database was both increased backup duration and increased backup size.
On this particular system, I take compressed DB2 backups to disk, which is later externalized.…
With fixpack 5 of DB2 10.5, IBM introduced Native Encryption for data at rest in DB2. This is a fairly significant new feature for introduction in a fixpack. It does require separate licensing – either the Advanced Edition of ESE or WSE or the separate purchase of the Native Encryption feature.…
To go with my recent article on RCAC/FGAC, I thought I would do some similar work using LBAC and see what I could learn about it and the differences between the two.
What is LBAC
Label Based Access Control essentially adds a column to a table that labels each row (think confidential, secret, top secret), and then grants uses of those labels to users to allow them to access the data.…